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(54) Abstract Title 

Resource reservation 

TLt^^J^ Vlded f ° r achi f vin u ? ^Won control to a public connectionless packet network. This 
provides a method of access control which allows service differentiation in a form which permits a user to 

™l u3 tV °t Se T°f gua T t6e WNch is better than 3 " best effort " service ' Each transmission by a user 
across the network includes a ticket message sent to the user from the network in response to a network 
resource (eg bandwidth) reservation request from the user. The required bandwidth when available during 

mZ^'?W ,S 3 ,OCated ior l hat Jnterval and reserve <* *>r an immediately following interval. The ticket 
messages includes information about the priority level of the transmission, and can be used in a 
connectionless network to determine the resources available for future transmission requests 
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At least one drawing originally filed was informal and the print reproduced here is taken from a laterfiled formal copy. 
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RESOURCE RESERVATION 

TECHNICAL FTRT. p pp THE INVENT TOW 

This invention relates to the field of resource 
reservation, and in particular to a method of 
controlling access to a communications network, and to 
components of a network using such a method. 
DESCRIPTION OP RELATED APT 

The Internet is a communications network which is 
becoming widely available. The Internet provides a 
"best effort" bearer service. That is, the user 
receives the best service available at the time he 
requests it, but no commitments are given to the user 
in terms of available bandwidth, transit delay, or 
packet loss. The Internet is particularly useful in 
data communications applications, but is of limited use 
for telecommunications applications which require 
guaranteed bandwidth availability, and specify maximum 
values for the transit delay and loss of data. The 
Internet cannot usually guarantee the required quality 
of service . 

One conventional way of achieving resource 
reservation, to be able to provide a required quality 
of service commitment, is to use connection states to 
store information in the network nodes about bandwidth, 
buffer parameters, connection identity and status. 
However, an advantage of the Internet is that it is a 
connectionless network, which therefore cannot use this 
technique without sacrificing the simplicity of the 
Internet. 

One conventional way of achieving bearer service 
differentiation, in a connectionless network, is to use 
a set of priority bits in the packet header. However, 
in a public connectionless network, it is still 
necessary to control how many connections use the 
highest available priority. if every connection uses 
the highest available priority, the network can still 



in effect only offer a best effort service to the 

""""A problem remains, therefore, as to how to control 
admission to the network. 

JE2Bi ^rerent invention seek! to solve the problem 
of achieving admission control and resource reservatron 
in a connectionless network. . „„ h „ . 

According to the invention, each transmission by a 
user across the network includes a message sent to 
user from the network. The message includes 
information about the priority level of the 
transmission, based on the user' s contract with the 
network Provider, and can subsequently be extracted by 
the network to determine how to handle the 
transmission^ ^ ^ ^ ^ faeing 

to detect the status of the connection, the relevant 
information is transmitted by the user with the data 
transmission, and can be extracted by the network as 

"^preferred embodiments, this information can be 
used for admission control and for routing purposes. 

For a better understanding of the present 
invention, and to show how it may be brought into 
effect, reference will now be made, by way of example, 
to the accompanying drawings. 

m T CT nRsc -rcTTON of mmnsss 

Figure 1 is a schematic representation of a 
network in accordance with the ^" nven ^ 01 ^*^ 

Figure 2 illustrates the flow of signalling 
messages in accordance with the invention 

Figure 3 is a flow chart indicating the steps 
taken in a method in accordance with the invention. 

Figure 4 is a graphical representation of an 
admission control procedure in accordance with one 
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aspect of the invention. 

Figure 5 illustrates a ticket protocol in 
accordance with an aspect of the invention. 

Figure 6 illustrates a network operating in 
accordance with an aspect of the invention. 

Figure 7 illustrates a network operating in 
accordance with another aspect of the invention. 
TYRTATT-iED nP.qrPTPTION OF PEEESBEBB EMBODIMENTS 

Figure 1 represents a network in accordance with 
the invention. In Figure l, a user at terminal A 
intends to send a message, in the form of data packets, 
to terminal B across the Internet. The Internet 
includes a large number of nodes, of which only a small 
number are shown in Figure 1. These are designated 
real-time routers RR, while the node to which the 
terminal A is connected is designated the access router 

AR. 

in accordance with preferred aspects of the 
invention, each node in the network, including users 
who may wish to send or receive data packets, has an 
internal clock. The clock at each node is used to 
measure time slots of size TO seconds, where TO is an 
arbitrary period of perhaps several seconds, chosen to 
be reliably greater than the maximum network transport 
delay. The nodes and terminals are synchronized to the 
network clock reference. 

As described herein, it is assumed that the 
network is able to support resource reservation from 
end to end. However, it will be appreciated that the 
invention is equally applicable when resource 
reservation is only available over a specific network 
domain, covering only a part of the end to end path, 
in such a case, the reservation protocol is terminated 
by the routers at the edges of that network domain. 

Resource reservation for a user data flow may be 
supported by different types of reservation protocols 



along the end-to-end path of the flow. For example, 
the protocol according to an aspect of the invention 
may be used over a specific network domain, covering 
only a part of the end-to-end path. An interworking 
function is then needed between the network domain 
supporting the protocol according to the invention and 
adjacent network domains using other types of 
reservation protocols. As a special case, an arbitrary 
type of reservation protocol can be used for the 
signalling between the user and the access node, while 
the network internal signalling is performed with the 
protocol according to the invention. The interworking 
function between the two types of reservation protocol 
is then located in the access node. 

Although the invention is described herein with 
reference to the Internet, it is applicable to any 
connectionless packet network, whether public or 
private . 

In accordance with preferred embodiments of the 
invention, the sender has a traffic contract with its 
network provider, under which a particular quality of 
service is guaranteed. This allows the network 
provider to offer service differentiation to users. 
Thus, users who are prepared to pay higher charges are 
able to guarantee access to higher bandwidths, or 
higher priority traffic handling. 

The flow of signalling messages during a data 
transmission will now be described with reference to 
Figure 2, while the steps taken in the access router AR 
will be described with reference to the flow chart of 
Figure 3 . 

When the sender wishes to initiate a data 
transmission, a user resource reservation request REQ-U 
is sent from the terminal A at point PI in Figure 2 , 
and received at the access router AR in step 1 of the 
method of Figure 3 . The resource reservation request 



specxfies the required bandwidth for the transmission 
the required traffic class, the source address and the 
destination address. These parameters are thus set for 
the duration of the transmission at this stage. 

In step 2 of the method, it is determined at the 
access router AR whether the resource reservation 
request passes the admission control. This admission 
control is performed in a way which is described in 
more detail below. if the resource reservation request 
does not pass the admission control, the request is 
denied. 

As described in more detail below, the information 
needed for admission control is not stored in the 
network on a per connection basis, but can be extracted 
by the network as required from messages associated 
with every transmission which gains access to the 
network. Thus, these messages must contain all 
information which is necessary to allow the network 
nodes to perform admission control and policing of the 
transmission as required. 

If the resource reservation request passes the 
admission control, the method passes to step 3 at point 
P2. Here, the access router AR sends a network 
resource reservation request REQ-n across the Internet 
to the terminal B. Each node in the transmission path 
can perform resource reservation and admission control 
For example, at point P3 , admission control is carried 
out by the node RR. if the required bandwidth is 
available across the network, an acknowledgement ACK is 
sent from the terminal B to the access router AR at 
point P4, and received in step 4 of the method. 

Following receipt by the access router AR of the 
acknowledgement message ACK, required information about 
the state of the connection is passed from the network 
to the user A at point P5 and in step 5 of the method 
Specifically, information about the resources allocated 
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.-n* other connection parameters (for 
to the connection, and other c contract) is 

example those specified in the "*« 1C .„ . 

.- fm. the access router AR to the senoe 
I t message Ml • The information in the ticket 
trcket message proCe cted by a digital 

M33 :: r 1 to prevent its alteration by the user A. 
Te calculation of the digital signature is 

described in more ^ ail ^ func ^ on „ hich is similar 

The ticket message has a tunctroi 
in some ways to the priority bits which can be added to 
^picket header before _ age 

^ork Itself, so that it becomes possible to 
the network service whicb is in 

ensure that users r ,.„„„, ser vice guarantees, 

~— ^ 

"sources which go beyond those guarantee^ 

m one embodiment, the user must still set 
• >„ bits in a conventional way, but the ticket 
priority che network and transmitted by 

message, determines y „„ tM which priority 

the user with the data flow, P a partlcul ar 

levels may validly be set by the user for 

data flow. helow the ticket 

As discussed in more detail below, t 

r in step 5 of the method shown in 
message Tl, sent in step 5 ^ ^ ^ 

Figure 3, is sent at time . TO. and as will 

slo t of duration T, *»- « ^ t he ticket also 
ba described in more detail f ^ che 

al lows the node res- ^ ^ ^ 

subS e*ient time slot, name ^ ^ ^ ^ ^ 

^refeUrto the admission control which is 

performed at the node AR. sender A, 

On receipt of the ticket message Ml, the 
.t point P6 in Figure 2, sends a data packet. 



with the ticket message Ml. 

At point P7 in Figure 2, and in step 7 of the 
method, the node AR is now able to police the data 
packet, by confirming that it complies with the 
original request REQ-U, in respect of which the ticket 
message Ml was issued. 

Assuming that the data packet does comply with the 
requirements specified in the ticket message, it is 
transmitted in step 8 of the method to the subsequent 
node RR, and hence to the receiving terminal B. 

At point P8 in Figure 8, the receiving terminal B 
sends an acknowledgement message ACK, which is returned 
to the access node AR, and received in step 9 of the 
method. 

At point P9 in Figure 2, and in step 10 of the 
method, a further ticket message M2 is then returned to 
the sending terminal A. This ticket message M2 is 
valid for the time slot from time Tl until T2, and 
effectively reserves band width for the subsequent time 
slot from time T2 until T3 , as discussed above with 
reference to the message Ml. 

The process then cycles until such time as the 
sending terminal A has completed transmission. Thus, 
in step 11 of the method, a further data packet 
containing the ticket message M2 is received at the 
node AR. 

The method for performing admission control at a 
network node will now be described in more detail. In 
accordance with the invention, admission control is 
performed in each node of the network. Admission 
control is carried out on the basis of policy rules 
(for example, does the sender have a service contract 
which allows him to send a specific message type to a 
particular destination at a particular time) , and on 
the basis of availability of resources. Admission 
control on the basis of policy rules is carried out in 
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a conventional way, while admission control on the 
basis of availability of resources is described further 

herein. . , 

As mentioned above, each node in the network has 

s an internal clock, which works on the basis of ti» 

slots of length TV _ 

in one embodiment, the phase of the periodical 
transmission of ticket messages from terminals is 
synchronised to a common reference, and the beginnings 
oithe time intervals within the network nodes are 
1 ^chronised to the same reference. Moreover, the time 

slot length T. is chosen to be longer than the ^ 
case network transport delay. In this way, £ 
can be transmitted at times which guarantee that they 
arrive at network nodes at a safe distance from the 
1 edges of any time slot, thus ensuring that the tickets 

will be received within the intended time slot. It 
this situation which is illustrated in Figure 2. 

However, in an alternative embodiment, the clocks 
in the different nodes need not be synchronised^ 

As described above, a ticket message issued from 
an access router to a sending terminal, comprises m 
effect a permission to transmit a pack et with a 
specific band width at priority level until the ticket 
empires. The ticket is typically valid for one time 
s^ot, which may for example have a duration of a few 
seconds. In the event that the user wishes to transmit 
data for a longer period, it is undesirable to force 
Lt user to make a completely new reservation request, 
30 with the associated risk that the request would be 

denied if resources were unavailable. Rather, in 
accordance with the invention, a user having an 
established reservation has a higher priority when 
renewing that reservation, than a user requesting a new 

35 reservation. rr-irm-r^ 

Thus , as described above with reference to Fxgure 



2, each ticket message Ml, M2 , M3, transmitted from the 
access router AR to the sending terminal A is itself 
valid for a current time period in order to prove that 
resources have been reserved for that time period, but 
is also valid to make a resource reservation for the 
immediately subsequent time slot. 

When the sending or receiving terminal wishes to 
terminate the reservation, a received ticket message 
can simply be discarded, and not returned to the access 
router. The loop is thus broken, and no new tickets 
are issued. The links along the path from sending 
terminal to receiving terminal will then calculate a 
decrease in the reserved bandwidth, and will thus be 
able to allocate more bandwidth for new resource 
reservations . 

Alternatively, if a sending terminal wishes to 
release bandwidth which has been reserved, it can send 
a release ticket message to the access router at any 
time . 

In addition, if, for any reason, a sending 
terminal does not receive a new ticket at an expected 
time, it transmits with its next packet of data a non- 
acknowledged ("NACK") ticket message in its place. 
This ticket NACK contains exactly the same information 
as the previously transmitted ticket. For the purposes 
of bandwidth reservation, one such non- acknowledged 
ticket message NACK can be treated as a valid renewal 
request . 

We can define an admission decision rule for the 
nodes in the network. Assume that a node gets a 
request for bandwidth B r on a link during time slot t n/ 
i.e., it is necessary to decide whether to admit the 
flow for time slot t n . The admission decision is made 
on the basis that: 
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max 



" B r - B a (0 - B req ( tn ) + B re ft n ) * ° 



where 

is the maximum bandwidth that can be 

max 

supported on the link. 
B a (t n ) is the total new bandwidth admitted on the 

5 link for time slot t n . 

B re (t n ) is the requested and admitted bandwidth so 

far on the link for time slot t n . 
B re i(tJ is the bandwidth on the link released so far 
for time slot t n . 
10 Thus, the decision rule only depends on the 

internal time intervals within the nodes and the 
decision rule is the same, independent of whether the 
network is synchronised or not- Furthermore, this rule 
gives a "yes" if and only if indeed the requested 
15 bandwidth can be supported by the link. 

Thus, the node stores link states, each containing 
the aggregate reserved bandwidth on a link, but does 
not store the reserved bandwidth allocated to a 
particular connection, although it can obtain this 
20 information from a ticket message sent on the 

connection. 

Then, let 

= B a (Q - BJt n X 

and let 

B m (0 = B a (0 = B a ( ti ) = 0. 

We update B a at the end of time slot t n as: 

- B a (t n ) + B req (f n ) - B re ft n ) - maxCO^Cv,) - B^tJ) 



25 where: 
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B m (t n ) is the bandwidth on the link measured from 

the "renew" and "NACK" tickets during time 
slot t n . 

EnackCtn) is the total bandwidth on the link from 
"NACK" tickets during time slot t n . 
The result is that, if a sender stops sending 
tickets and there are no lost tickets deeper in the 
network, the bandwidth is released after two internal 
time intervals in all the nodes. This works 
independent of the clocks of the different nodes. 

The reason for using max(0 ,B A <t B . x ) - B nack (t n )) to 
update B a (t n+1 ) instead of just B A (t n .J - B nack (t n ) , is 
that if some bandwidth measured at the node is 
associated to a ticket which is lost deeper in the 
network, B^t^) - B nack (t n ) might be greater than zero. 
If this is the case we should obviously not reserve 
more bandwidth than we already have reserved. 

This form of admission control is illustrated 
graphically in Figure 4 . 

In the example of Figure 4 the vertical axis 
represents the current estimate of the admitted 
bandwidth, while the horizontal axis is the time axis. 
The time at the particular node is divided into slots, 
as previously discussed, with the end points of the 
slots being designated TO, Tl, T2, and so on. Thus, in 
Figure 4, each rectangle represents a reservation or 
reservation request, with the height thereof 
representing the bandwidth required. White rectangles 
represent reservation requests, while shaded boxes 
represent allocated tickets which reserve bandwidth 
during a particular time slot. 

Thus, in Figure 4, at point tA, a bandwidth 
reservation request is received, and this remains valid 
for the time until TO, and for the whole of the 
subsequent time slot until Tl . At time tB, a second 
reservation request is received, and this remains valid 
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until the next end point Tl, and for the whole of the 
subsequent time slot until time 12. A third 
reservation request is received at time tC, and, at 
each of these points, the estimate of admitted 
bandwidth is updated to include bandwidths requested in 
the most recently received reservation request. 

At time tD, a fourth reservation request is 
admitted, but the required bandwidth therefor is such 
that, to admit that flow would result in the estimate 
of admitted bandwidths exceeding the maximum bandwidth 
for that particular traffic class. Thus, the fourth 
reservation request is not admitted. 

At end point Tl, the ticket issued in respect of 
reservation request A becomes valid, and so, for the 
time slot from Tl until T2 , the bandwidth estimate is 
based on the bandwidth allocated by that ticket, and by 
the reservation request B and C. 

During the time slot from T2 until T3, tickets for 
the three flows A, B and C are all valid. At time T3 
ticket loop A stops, and so the estimate of admitted 
bandwidths falls. Similarly, at time T4 , ticket loop C 
stops, and the estimate of admitted bandwidth falls 
again. Finally, at time T5, ticket loop B stops, and 
the estimate of admitted bandwidth falls to zero. 

The discussion of admission control above has been 
on the basis that the network nodes are synchronised. 
However, as previously mentioned, the method and 
apparatus of the present invention may allow the use of 
a non-synchronised network, by an appropriate 
modification of the ticket messages. To achieve this, 
each node in the network works with internal time slots 
which are alternately designated -0" and "1". When a 
node receives a ticket request, it then includes m the 
ticket a synchronisation bit which corresponds to the 
designation of the time slot in which the ticket 
request has been received. This ensures that, although 
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the different nodes in the network are not synchronised 
with each other, it is always possible to deduce the 
time slot in which a request has been received. The 
lack of synchronisation may mean that it is otherwise 
not possible to tell in which of two adjacent time 
slots a request has been received, but the 
synchronisation bit will always allow that distinction 
to be made . 

If a resource reservation request is allowed, that 
is, it passes the admission control, a ticket is issued 
as mentioned above. 

The ticket protocol, defining the form of the 
ticket, will now be described in more detail with 
reference to Figure 5. As will be apparent, the ticket 
needs to include source and destination addresses and 
an indication of priority in the IP-header, but must 
also contain other relevant information, which is 
preferably set out in a format as shown in Figure 5, 
and as described below. 

Counter 8 bits wide. A counter filed initialized 
to zero and incremented at each node where a 
synchronisation bit is used. This field is used for 
the nodes to find the correct synchronization bit. 

Length 8 bits wide. The length of the 
Authentication data field in 32 bit words. 

Signal 8 bits wide. Information of type of ticket 
message . 

Synchronization bits 40 bits wide. The 
synchronisation bits used by the nodes. This implies 
that a maximum of 40 admission nodes can be used for a 
non synchronised network. 

Bandwidth 32 bits wide. The reserved bandwidth 
over the link. 

Authentication data. The length of this field is 
variable, but is always an integral number of 32 -bit 
words . 
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If only the access node uses the authentication 
data it would be convenient to only use a 3 2 -bit 
authentication data field. If more nodes will use 
authentication data for the digital signature, we 
suggest that the authentication data field should be 
used as a stock where each node which uses an 
authentication data field either add or remove the 
authentication data from the stock. A default length 
of an authentication tag should be 32 bits. 

A method for calculating the digital ticket 
signatures is now described. As mentioned above, all 
the nodes in the network have internal time slots, and 
successive time slots of the access node are designated 

Each slot has a duration of time 



as t 1# t 2 , t 3 , t 4 



Each node, which wants to be able to put a 
signature to a ticket, holds one general key and one 
series of time keys. The series of time keys is 
generated and kept internally within the node, and 
never transmitted to any location outside ^ 
The general key is denoted by k and the time dependent 

is associated with a specific key k.. The parts of the 
ticket message to be protected are denoted by m, and 
the ticket signature associated with this ticket 
m essage by s m . Thus, an authenticated ticket message 
issued by a real time node at slot t n consists o m 
concatenated with s m , i.e., [m, sj n . To sign a ticket 
message which arrives at the node time interval t n we 
use the keys k and k n+1 to sign the ticket message m. 
Let f be the signing function, thus, 

[m, sj„ = [m, fim, k, *„ +1 )] 

The signing function f can be chosen using the 
authentication method proposed in J.L. Carter and 
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Wegman, "New hash functions and their use in 
authentication and set equality- , Journal of Computer 
and System Sciences, vol. 22, pp. 265-279, 1981 or 
B. den Boer, "A simple and key- economical 
unconditionally secure authentication scheme", Journal 
of Computer Security, vol. 2, pp. 65-71, 1993, and 
T. Johansson, G. Kabatianskii and B. Smeets, "On the 
relation between A-codes and codes correcting 
independent errors", Proceedings of Eurocrypt '93 lncs 

765, Springer-Verlag, pp.i-n i 993 i 

, . „ s 1A ' is»93. The latter method 

briefly described below. 

Assume that we can rewrite m in the following way 
™ (m 1 , m 2 , n^) , where each mi e CF(2 r ), ■ 



i • e . , an 



element „ the finite field consisting of r bits. if m 
not xs a precise multiple of r bits we may assume that 
we pad 0 bits to m such that the length equals a 
multiple of r. Furthermore, assume that k x k 



GF(2 r ) 



Now, we use the following formula to calculate 
GF(2 r ) : 



+ m l 



Thxs gives a probability for anyone, who only 
observes one signature signed with Kt to succeed in 
changing m without detection by the access node, of- 



independent of the computing power of the adversary 

To verify a ticket signature at time period n, the 
node uses the keys k and k„ to verify the signature 
according to the formula above, i.e., it uses the 
present key to check a signature and the key for the 
next slot for calculating a new ticket signature. The 
key to be used is determined by the slot at which a 
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Thus, in the case 



arri ves downstream at a nods. Thus, in tne o 
I the network nodes are not synchronised when the 
ircess nodi Puts its stature to the ticket before 
acccs , _ • v.-G to use the 

forwarding it to the sender^ ^ ^ ^ COIrect 

synchronisation bit to be able t 

>ev for calculating the signature, i.e. , the * y 
^responding to the slot time T fro. «^J£ ™ 

£irs t arrived at ^tination addresses 

preferably protect th excepc che 

" tl fir ^ s deeperTn the network which want 

— — — srrrs: srutss. 

„ h ich is unigue to a particular t^slot allo^ _ 
node to verify that a rece ^ ^ ^ 

issued in respect of the time 

received. ht not haV e a 

mcidentally, * transrai ssion delay, the 

perfect clock, and due to the lgnatures 
access node should ^^J^ C the 
calculated both with key K and k... arc 
transition fro. time interval t to t • ^ 
m accordance 1* o the Qf 

~-f virket messages can also anuw 
use of ticket me a frQm sender co 

traffic flows in the event that a ^ 
receiver must be changed. A node within a 
a routing table 

Tch-Tn^ network topology, or a link 

£a "7n-a connectionless network a router ^ately 

re-routes all the traffic related to . specr c entry^ 

4-'^~ t-aVTLe when that entry is upua 
in the routing tar>xe wn^n 
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works for best effort traffic but is not allowed for 
already established connections with reserved 
resources, which first must pass an admission control 
along the new path. Therefore a mechanism must be 
introduced to prevent this immediate rerouting of 
traffic with reserved resources. 

In accordance with this aspect of the invention, 
prior to the replacement of an output link in a routing 
table entry, the traffic on the link is stopped by 
discarding all tickets, thus breaking the ticket loop. 
Moreover, the reserved traffic that is routed according 
to the changed entry is given the low priority of 
unreserved traffic. The user must thereafter initiate 
a new reservation request in order to reserve resources 
along the new path. 

The mechanism works as follows: suppose that the 
routing table changes from the "old" to the "new" set 
of router output ports in Table 1. As can be seen, the 
traffic that was previously routed to output port C is 
now routed to output port A or B. Since the traffic 
that has been rerouted has not passed any admission 
control on the new output ports, the ticket messages 
must be stopped, and the priority of the payload 
packets must be reset to the low priority of unreserved 
traffic . 
Table 1 



destination address 


old output port 


new output port 


destination address 1 


port C 


port A 


destination address 2 


port A 


port A 


destination address 3 


port B 


port B 


destination address 4 


port C 


port B 



This is achieved by introducing a temporary 
"switch-over" state for the entries in the routing 
table with a changed output port. Packets which are 
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routed according to the -switch-over" state are given 
the low priority of unreserved traffic, and txcket 
usages are dropped. The principle is illustrated in 
Table 2, which shows the routing table with the 

» switch-over" state . 

Table 2 



dest address 1 



old output 
port 

port C 



Idest address 2 



dest address 3 



dest address 4 



switch-over state 



new output 
port 



port A + drop 
ticket, lower 
priority 



port A 



port B 



port A 



no change (port A) 



port A 



no change (port B) 



port B 



port C port B + drop 
ticket, lower 
ipriority 



port B 



The switch-over state is kept until all ticket 
loops are broken, which takes two time intervals Ta, 
an/is indicated by the absence of new ticket messages. 
Tbe ticket protocol is then ready to operate as normal 
according to the new routing table, and the switch-over 
state will be terminated. 

Since the ticket loop has been broken, the user 
who wishes to restore the reservation must do this by 
issuing a new resource reservation request, wh.ch wxll 
be routed according to the new routing table 

in some cases the change of the routing table is 
the result of a well controlled network management 
activity, where the operator has ensured that 
sufficient resources for the rerouted traffic are 
available on the new path. Then there is no need to 
force a new admission control and resource reservation 
procedure by breaking the ticket loop as described 
above. The switch-over mechanism should therefore be 
disabled in this type of controlled rerouting. The 
user data flow and the ticket messages are then 
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20 



rerouted as soon as the routing table is changed The 
resource reservation is controlled by the ticket 
message and will thus be installed on the new path 
Since it is assumed that resources are available on the 
new path, no admission control procedure is needed when 
installing the new reservation, and there is thus no 
need for the user to send a resource reservation 
request message. The user does not have to be notified 
about the route change and just continues to send 
10 ticket messages as usual. 

in a network operating in accordance with aspects 
of the invention, the sender of the user data flow 
makes a resource reservation and will in most cases be 
charged for this reservation. It is therefore natural 
that the sender will have an interest in the 
performance of the network service. m order to 
deliver performance feedback to the sender, the 
receiving terminal measures the performance of the 
received packet flow in terms of delay and packet loss 
The result of the measurement can then be delivered to' 
the sending terminal by inserting it in the ACK and 
ticket messages discussed previously and shown in 
Figure 2 . 



15 



25 



30 



35 



in accordance with aspects of the invention 
admission control and resource reservation are done on 
a hop by hop basis, i.e., the decision to accept or 
re 3 ect a reservation is made locally by a resource 
management entity at each router. However, in some 
cases it may be advantageous to perform the resource 
management in a centralised manner. The introduction 
of resource management into a best effort network can 
then be achieved by adding a central resource 
management controller. The need for updating or 
replacing already installed routes can then be 
minimized, since they do not need to handle the 
admission control and resource reservation functions 



■ v-t- protocol discussed above might be used 
in JT^TS S as described with reference - 
xn this typ a network operatxng in 

Figure 6. Fxgur invention. The 

accordance with an aspect 

i ^-Svided into subnetworks, or 
network is diviaea xrn. ■ 6 . Each 

— C ^rA^r^- confer 
subnetwork include a r ^ ^ B _ ^ 

IRMC ' • T thin each subnetwork is designated as an 

Z -re are other nodes, or routers 

R - . ^, oct reo from the sender 

A is forwarded to the res admiss ion control 

and resouj-o resource 
controller keeps a record of all the 
reservations within the subnetwork Bas '° 
reserv controller can perform admission 

information, the contr t a reservation 

control, i.e. acce « che request is 

r ^ est d - d " t :::: p aio; g ^ p.* ^ T 

way tc the at the sender, and a 

returned to the access by ^ acoess 

ticket message will be sent dically fo rward 

router ». The sender will then P 

ch e ticket message along with the aur aticn 

i-^cket message may nave d ^ 
Alternatively, the ticket # and may 

of only one time slot, as discus describ ed 
need to be renewed with each data packet, 
with reference to Figures 2 and 3^ ion of 

" From the user's point of view t P her a 

• v >- rvrotocol is thus independent of whetner 
the ticket protocol is or whe ther 

resource -nagement — ^ ^ ^ fey hop 

resource management is perro 
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basis . 



acro , Th ;; Ser d " a 13 larded along the optimum path 
across the network, and does not need to pass the 
resource management controllers. The ticket message 

2 : that tT ted "^^^ —cement controllers 

so that they can keep track of the status of each 
connection. 

Alternatively, as shown in Figure 7. the ticket 

data"* ^ r ° UCed al ° nS ChS Same *> ath - «*• user 
then' I f 3CCeSS rOUt " S ** C ° ~ ch "*-t-o* would 
when tb \ T rSSOUrCe ™ ana S— «= controller R«c only 
when the ticket message indicates a change in the 
status of the connection. The latter alternative is 
advantageous for a large subnetwork where the resource 
management controller would be over-loaded by all the 
ticket messages. By only sending a notification when 
the status of each connection is changed, the number of 
messages to the controller can be reduced. 

If all the ticket messages are forwarded to the 
controller, then it can operate without storing states 
about each connection. If cnly change notifications 
about the status of each connection are sent from the 
access router to the controller, then both the access 
router AR and the controller KMC must keep states per 
connection. * 

It must also be possible for the resource 
management controller to terminate the reservation by 

th t^ket t±Cket l0 ° P - ™ S iS —^"orwaro- when 
the txcket messages are routed via the controller as in 
Pxgure 7. since it can discard the ticket message. 
When the ticket messages are routed along with the 
data t he resource management controller RMC sends a 
notafxcatxon to the access controller with an 
xnstruction to break the ticket loop for a specific 

connection by discarHina 

vy discarding the corresponding ticket 

message. 
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f to note that the ticket protocol 
It is important to note tn« 

»>,. „ser and the network is 
interface between the user a resource ma nagement 

completely independent of whether a^ ^ 
controller is used or not. r the network 

ma tter for the network ma nagement 
shou ld he to figures S and 

controller as on and Emission control 
7, or if resource res d ^ by a 

snould he performed - - ^ hop . 

-T,r^ - * iOTention is that an 

operator can choose to run his network ^ina _ ^ ^ 
connectionless m - ■ ^ formation in the 

connection orienteo connection 
r eguest and ticket messages to se jp 
state for the data flow- _ ^ 

through several operate ^ 
networks operating - ^ mode in 
advantageous to use a rest of 

i-»-r- to support charging, wnxx 
access router to su P P ctionleSS manner. 

the network operates xn a co aiiows 
There is thus descrxhed a syste gs 
bearer service dif f erentxatxon xn a 



network - 
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CLAIMS 



1 - A method of reserving network resources for a 
transmission, the method comprising: 

at an access node in the network, receiving 
resource reservation requests from sending network 
users connected thereto, each resource reservation 
request specifying an intended destination and a 
bandwidth requirement; 

in response to each received resource reservation 
request, performing an admission control procedure- 

m the event that the resource reservation request 
passes admission control, transmitting a request across 
the network to the intended destination associated 
therewith to allow other nodes to perform admission 
control procedures; 

in the event that the resource reservation request 
passes all admission control procedures to the intended 
destination, sending from the access node to the 
sending network user associated therewith a ticket 
message containing all necessary connection 
information; and 

from ^ l0Wi ^. aCCeSS to the ~twork for a transmission 
from the sending network user when the transmission 
includes the ticket message, 

wherein the admission control procedure at the 
access node determines whether the required resource is 
available during a time slot by: 

determining what resources have already been 
allocated during said time slot, and what resources 
have already been reserved or requested, 

wherein sending a ticket from the access node to 
the sending network user during a time slot allocates 
the required resources for said time slot, and reserves 
the required resources for a second time slot 
immediately following said time slot. 

2. A method as claimed in claim i, wherein, when 
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„„rte receives a transmission from the 
the access node the tlcket me ssage, a 

sending network user ^ tQ 

second ticket mess age is sen ^ ^ 

th e sending »'~f net „ or k user during the 

Che r "me 11 : t abates tne required resources for 
second time si rese rves the required 

said -=ond -e siot. and ^ 

resources for a uhi 

said second ^-'allocating bandwidth on a network 

lin k, the method ■~^J£^ J £ t £*. * 
required bandwidth is ^ l ab e ^ 
time slot and, if the requ ^ ^ £or a 

allocating the bandwidth for sar 

.jiai-olv following said time siot. 
time slot immediate ly ^ . 

transmission -m a first network user, the method 

comprising: . slots based on a 

defining a succession of time slo 

clock signal; netw0 rk a resource 

^rttriree: «. — — - - 

^f^Th^he required resource is available 
° n 3 senaing^ rework to the first network user 
3 ^lowirTacce^to the network for a transmission 

£ rom rri/st network user when the 

includes the ticket message, the ticket 

valid for a duration of one time slot^ 

5 A method as claimed in claim 4, 

successive time slots at said node 

alternating binary values and ^e ^ ^ 

includes a synchronization bi * ticket 
binary value denoting a time slot m 
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message was generated. 

6 . A method as claimed in claim 4 , wherein the 
ticket message includes a digital signature, calculated 
on the basis of a key which is used only during a time 
slot in which said ticket message was generated. 

7. A method of reserving network resources for a 
transmission from a first network user, the method 
comprising: 

receiving at a node in the network a resource 
reservation request from the first network user to 
initiate a reservation; 

confirming that the required resource is available 
on a first link from said node to a destination 
address; 

sending from the network to the first network user 
a ticket message containing connection information; and 

allowing access to the network for a transmission 
from the first network user when the transmission 
includes the ticket message, 

wherein, when it is determined that the link is no 
longer available and that an alternative link must be 
used, the ticket message is dropped. 

8. A method of reserving network resources for a 
transmission from a first network user, the method 
comprising: 

receiving at a node in the network a resource 
reservation request from the first network user to 
initiate a reservation; 

confirming that the required resource is available 
on a link from said node; 

sending from the network to the first network user 
a ticket message containing connection information; and 

allowing access to the network for a transmission 
from the first network user when the transmission 
includes the ticket message, 

wherein it is determined whether to allow access 
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to the network on the basis of resources allocated by 
previous ticket messages, and 

wherein the ticket message remains valid for a 
predetermined time period such that, in the event of a 
network error, the resources allocated thereby are 
released after expiry of the predetermined time period. 

9 . A method of reserving network resources for a 
transmission from a first network user, the method 
comprising: 

receiving at a node in the network a resource 
reservation request from the first network user to 
initiate a reservation; 

confirming that the required resource is available 

on a link from said node; 

sending from the network to the first network user 
a ticket message containing connection information; and 

allowing access to the network for a transmission 
from the first network user when the transmission 
includes the ticket message, 

the ticket message being valid for one time slot, 
as defined by the network, and including a digital 
signature, calculated on the basis of a key which is 
used only during a time slot in which said ticket 
message was generated. 

10 A method as claimed in claim 9, wherein when 
a transmission including the ticket message has been 
completed, the network sends to the first network user 
a second ticket message containing connection 
information, the second ticket message being valid for 
a further one time slot. 

11 A method of reserving network resources for a 
transmission from a first network user, the method 
comprising: 

receiving at a node in the network a resource 
reservation request from the first network user to 
initiate a reservation; 



confirming that the required resource is available 
on a link from said node; 

sending from the network to the first network user 
a ticket message containing all necessary connection 
information; and 

allowing access to the network for a transmission 
from the first network user when the transmission 
includes the ticket message, 

wherein the determination as to whether the 
required resource is available on the link is made at a 
central resource controller. 

12. A method as claimed in claim 11, wherein the 
central resource controller controls the allocation of 
resources within a subnetwork made up of a plurality of 
nodes . 
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